worksites.baxter.com
13.107.139.11
Malicious Activity!
Public Scan
Submission: On January 31 via manual from BE — Scanned from DE
Summary
TLS certificate: Issued by Entrust Certification Authority - L1K on November 11th 2022. Valid for: a year.
This is the only time worksites.baxter.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
4 | 13.107.139.11 | 8068 (MICROSOFT-CORP-MSN-AS-BLOCK) |
4 | 1 | |
ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
worksites.baxter.com
Requests | Apex Domain / Subdomains | Transfer |
---|---|---|
4 | baxter.com: worksites.baxter.com | 12 KB |
4 | 1 | |
Requests | Domain | Requested by |
---|---|---|
4 | worksites.baxter.com | worksites.baxter.com |
4 | 1 | |
This site contains links to these domains. Also see Links.
Domain |
---|
myapps.microsoft.com |
signup.live.com |
go.microsoft.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
worksites.baxter.com | Entrust Certification Authority - L1K | 2022-11-11 - 2023-11-11 | a year |
This page contains 1 frames:
Primary Page:
https://worksites.baxter.com/sites/ocp_portal/_layouts/15/acceptinvite.aspx?invitation=%7B687543D5%2D45BE%2D42D2%2D8762%2DE5DACC2457F8%7D
Frame ID: F6BB769A321FCFAC007A9B3F96E2F3FE
Requests: 4 HTTP requests in this frame
Page Title
Willkommen bei SharePoint Online
Detected technologies
Microsoft ASP.NET (Web Frameworks)
Detected patterns
- \.aspx?(?:$|\?)
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Title: myapps.microsoft.com
Title: Erstellen Sie ein Microsoft-Konto, das geht leicht und schnell!
Title: Rechtliche Hinweise
Title: Datenschutz
Redirected requests
There were HTTP redirect chains for the following requests:
4 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | Primary Request: acceptinvite.aspx worksites.baxter.com/sites/ocp_portal/_layouts/15/ | 5 KB 4 KB | Document text/html |
GET H2 | O365BrandSuite.png worksites.baxter.com/_layouts/15/images/ | 2 KB 2 KB | Image image/png |
GET H2 | WindowsLiveHotmail.png worksites.baxter.com/_layouts/15/images/ | 3 KB 3 KB | Image image/png |
GET H2 | MicrosoftOnlineServiceID.png worksites.baxter.com/_layouts/15/images/ | 2 KB 3 KB | Image image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Office 365 (Online)
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object | oncontentvisibilityautostatechange
- number | g_duration
- number | g_iisLatency
- number | g_cpuDuration
- number | g_queryCount
- number | g_queryDuration
- number | g_requireJSDone
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Content-Security-Policy | frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.powerapps.com *.yammer.com *.officeapps.live.com *.office.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com securebroker.sharepointonline.com; |
Strict-Transport-Security | max-age=31536000 |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.